I'm just brainstorming here but for your specific example could you do 
something like delegate wildcard record *.example.com to the public DNS 
servers?  Or mail.example.com, etc.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of Karl Fife
Sent: Friday, July 22, 2016 3:41 PM
To: ESF - Electric Sheep Fencing pfSense Support <[email protected]>
Subject: [pfSense] DNS Forwarder # exception

DNS Forwarder had a domain override *exception* feature that I don't see in DNS 
Resolver.  I'm looking for an equivalent/workaround.

Obviously, in both dnsmasq and unbound, I can create a domain override, e.g.

Domain         IP
example.com    10.243.0.1

However, I don't want the override to answer queries for certain hosts, e.g. 
mail.example.com, vpn.example.com, because queries to those domains will fail 
if 10.243.0.1 is not available (e.g. mail.example.com) or not available JUST 
YET (e.g. vpn.example.com).

With dnsmasq, I could create an exception with # so those queries would just 
fall through to the public DNS, e.g.

vpn.example.com    #
mail.example.com  #
sip.example.com   10.55.47.1

Certainly I can create a HOST override that resolves the host's public IP, but 
that breaks when the public IP changes.  What's the best way to accomplish 
these domain override exceptions these days (in unbound/DNSResolver)?

Thanks
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
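
The following configuration is an added example, not part of the original thread. It shows the dnsmasq "#" exception from the question next to an unbound layout in which the exceptions are more specific forward-zones, relying on unbound using the most specific matching zone. The address 192.0.2.53 is a documentation placeholder for a public resolver you choose, and how these lines reach the running configuration on pfSense is not covered here.

```conf
# ---- dnsmasq (DNS Forwarder): the behaviour described in the question ----
# Domain override: queries under example.com go to the internal server.
server=/example.com/10.243.0.1
# Exceptions: the special address "#" means "use the standard upstream servers".
server=/vpn.example.com/#
server=/mail.example.com/#
# A host-level override pointing at a different internal server.
server=/sip.example.com/10.55.47.1

# ---- unbound (DNS Resolver): same intent, written as separate zones ----
# Broad override for the whole domain.
forward-zone:
    name: "example.com."
    forward-addr: 10.243.0.1

# Exceptions: a longer (more specific) name wins over "example.com.",
# so these names never depend on 10.243.0.1 being reachable.
forward-zone:
    name: "vpn.example.com."
    # placeholder address, replace with a public resolver
    forward-addr: 192.0.2.53

forward-zone:
    name: "mail.example.com."
    # placeholder address, replace with a public resolver
    forward-addr: 192.0.2.53

# Host-level override to a different internal server.
forward-zone:
    name: "sip.example.com."
    forward-addr: 10.55.47.1
```

Unlike the dnsmasq "#" form, each unbound exception names its upstream explicitly, so the exception zones have to be updated if the chosen public resolver changes.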